From d518f06eae294ab2a6ad62dfdfe4348b38cb3266 Mon Sep 17 00:00:00 2001
From: noellabo <noel.yoshiba@gmail.com>
Date: Sun, 18 Feb 2024 11:24:19 +0900
Subject: [PATCH] Add reject blurhash to Admin setting

---
 app/lib/activitypub/activity/create.rb         | 5 +++++
 app/models/form/admin_settings.rb              | 1 +
 app/views/admin/settings/others/show.html.haml | 3 +++
 config/locales/en.yml                          | 3 +++
 config/locales/ja.yml                          | 6 ++++++
 config/settings.yml                            | 1 +
 lib/exceptions.rb                              | 1 +
 7 files changed, 20 insertions(+)

diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 489863fedb..7b7566d3bf 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -14,6 +14,8 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     else
       create_status
     end
+  rescue Mastodon::RejectPayload
+    reject_payload!
   end
 
   private
@@ -83,6 +85,9 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
     @params               = {}
 
     process_status_params
+
+    raise Mastodon::RejectPayload if MediaAttachment.where(id: @params[:media_attachment_ids]).where(blurhash: Setting.reject_blurhash.split(/\r\n/).filter(&:present?).uniq).present?
+
     process_tags
     process_audience
 
diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb
index d284b929fe..cfc326047c 100644
--- a/app/models/form/admin_settings.rb
+++ b/app/models/form/admin_settings.rb
@@ -46,6 +46,7 @@ class Form::AdminSettings
     captcha_enabled
     authorized_fetch
     reject_pattern
+    reject_blurhash
   ).freeze
 
   INTEGER_KEYS = %i(
diff --git a/app/views/admin/settings/others/show.html.haml b/app/views/admin/settings/others/show.html.haml
index 06dcf2bf8b..8d0a2b1acf 100644
--- a/app/views/admin/settings/others/show.html.haml
+++ b/app/views/admin/settings/others/show.html.haml
@@ -15,5 +15,8 @@
   .fields-group
     = f.input :reject_pattern, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_pattern.title'), hint: t('admin.settings.reject_pattern.desc_html'), input_html: { rows: 8 }
 
+  .fields-group
+    = f.input :reject_blurhash, wrapper: :with_block_label, as: :text, label: t('admin.settings.reject_blurhash.title'), hint: t('admin.settings.reject_blurhash.desc_html'), input_html: { rows: 8 }
+
   .actions
     = f.button :button, t('generic.save_changes'), type: :submit
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6e9b972895..d0067ec8ea 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -778,6 +778,9 @@ en:
           approved: Approval required for sign up
           none: Nobody can sign up
           open: Anyone can sign up
+      reject_blurhash:
+        desc_html: Set a blurhashes to inspect Create Activity media attachments, and refuse Activity if you match
+        title: Reject blurhash
       reject_pattern:
         desc_html: Set a regular expression pattern to inspect Create Activity content, and refuse Activity if you match
         title: Reject Pattern
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 2051e30aee..daec3555d5 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -760,6 +760,12 @@ ja:
           approved: 登録には承認が必要
           none: 誰にも許可しない
           open: 誰でも登録可
+      reject_blurhash:
+        desc_html: Create Activityの添付画像を検査するblurhashを設定し、一致する場合はActivityを拒否します
+        title: 拒否画像ハッシュ
+      reject_pattern:
+        desc_html: Create Activityのcontentを検査する正規表現パターンを設定し、一致する場合はActivityを拒否します
+        title: 拒否パターン
       security:
         authorized_fetch: 連合サーバーによる署名なしでの情報取得を拒否する
         authorized_fetch_hint: ほかの連合サーバーから受け付けるリクエストに署名を必須にすることで、ユーザーによるブロックおよびドメインブロック両方の効果をより強力にします。ただし連合の処理コストが増えてパフォーマンス面で不利になるほか、このサーバーから送られた反応が届く範囲が狭まったり、連合における互換性の問題を招く可能性もあります。また、この機能は公開投稿やプロフィールへのアクセスをブロックした相手から完全に遮断できるものではありません。
diff --git a/config/settings.yml b/config/settings.yml
index 355fc5f515..72068b135e 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -47,6 +47,7 @@ defaults: &defaults
   backups_retention_period: 7
   captcha_enabled: false
   reject_pattern: ''
+  reject_blurhash: ''
 
 development:
   <<: *defaults
diff --git a/lib/exceptions.rb b/lib/exceptions.rb
index d3b92f4a09..029235560b 100644
--- a/lib/exceptions.rb
+++ b/lib/exceptions.rb
@@ -8,6 +8,7 @@ module Mastodon
   class LengthValidationError < ValidationError; end
   class DimensionsValidationError < ValidationError; end
   class StreamValidationError < ValidationError; end
+  class RejectPayload < ValidationError; end
   class RaceConditionError < Error; end
   class RateLimitExceededError < Error; end
   class SyntaxError < Error; end